We were wondering what kinds of precautions
users of Condor on Windows take when they allow multiple submit machines
to send executables to run on execute nodes, one particular case we are
currently investigating is Matlab and the behaviour of a self extracting
Matlab code which causes our heuristic antivirus package (Kaspersky) to
report a hidden installation e.g. a Trojan. We are loath to disable
any of the features of our antivirus package however the user that runs
the code still needs those jobs to run so we were wondering what kinds
of security precautions other Condor administrators are taking on their
Condor pool to balance the need to provide a secure workstation service
to cf 8000 users whilst at the same time allowing Matlab codes to run.
We are also interested in a straw poll of the kinds of antivirus
package that other sites have deployed and their strategies for coping
with interesting jobs like this Matlab self extractor. One idea we
have come up with is a testing regime which ultimately puts the blame on
the end user should they run a Trojan like program and damage execute nodes
in a testing sandpit before they run on the production pool. Do other
sites out there have a similar testing regime for codes ? We have
been doing some testing before letting user codes run on the production
pool for a number of years now
Thanks in advance for any advice you
can give...
Best regards
James
_________________________________________
Dr James Osborne
Condor Project Manager
Advanced Research Computing @ Cardiff (ARCCA)
Cardiff University
Redwood Building
King Edward VII Avenue
Cardiff CF10 3NB
Tel +44(0)29 2087 4657
Email osborneja1@xxxxxxxxxxxxx www.cardiff.ac.uk/arcca
_________________________________________